Any WHM/Exim configuration gurus around??

[srichards]

WHM is doing my head in. I need to add a directive into the exim configuration to block certain email senders from certain domains as they are just sending me spam all the time.

Every single ACL command I have tried isn't recognised in the WHM advanced editor. My vps provider tried to do it and managed to stop email from working altogether.

I was looking at using the following:

acl_check_sender:
deny senders = /etc/exim/sender_reject.list
accept

I have the sender_reject.list file with:

*@.ru
*@.mobi
*@gmail.com

I think this should take someone that knows what they're doing 5/10 minutes to do but I've been trying to do it ALL day. It's such a waste of time! I can't edit the exim configuration file directly as WHM will get in a twist and the utility for checking and correctly updating the exim.conf file if you directly edit isn't on the VPS.

I need to know where the acl_check_sender directive has to be put and whether there needs to be anything else. There is one place to add these things into the WHM advanced exim configuration editor and it doesn't like anything other than a domain list. Then If I use the domain list directive I have to add something into the ROUTER configuration but there isn't an obvious way of doing it.

I tried asking on the cpanel forum but they seem to be avoiding answering the question. Other solutions they have come up with are either for stopping out going mail or they are for single domains and not something in an easily editable list.

I am beginning to think that it has been deliberately designed to stop you doing this!

I have some of the domains blocked via the user prefs in spam-assassin but this is wasteful as I'd rather these senders were just binned straight off without using resources.

All I want is a list of domains I maintain that I want to block that exim takes notice of. Why is it seemingly so hard to do??

 

[gramps]

Why not simply add a filter in cPanel?

 

[srichards]

Why not simply add a filter in cPanel?

Filter in which part of cpanel do you mean?

 

[gramps]

Mail > Account Level Filtering > Create New Filter

 

[srichards]

Ooh. That might do. Not sure how or why no one else seems to have mentioned that even exists! Will mess with that later

 

[srichards]

That's no good either. That filtering is again at a user level and not a server level. It has to be something that goes across all accounts without having to fanny around adding it individually.

I can't believe how crap cpanel/whm is. Plesk lets you have a server wide domains blacklist that takes wildcards. It takes seconds to add a domain.

 

[gramps]

There is a product called 'Mailscanner' which will add the facility to white/blacklist server-wide, if necessary the provider will install it for you at a charge.
If you have too many domains to do it individually server-wide, this would be a good option and will provide additional benefits.

 

[onomatopoeia]

WHM is doing my head in. I need to add a directive into the exim configuration to block certain email senders from certain domains as they are just sending me spam all the time.

Every single ACL command I have tried isn't recognised in the WHM advanced editor. My vps provider tried to do it and managed to stop email from working altogether.

I was looking at using the following:

acl_check_sender:
deny senders = /etc/exim/sender_reject.list
accept

I have the sender_reject.list file with:

*@.ru
*@.mobi
*@gmail.com

Your acl looks fine, but you haven't told exim when to apply it. But to answer your question about where it goes in the file first, the user-defined ACLs go in the section that starts with a line

begin acl

They are self terminating - the presence of an ACL name ending in a colon terminates the preceeding acl and starts a new one.

You must associate an acl you define with one of the pre-defined options when the ACL should be checked, in your example that's probably when parsing the DATA section of the SMTP envelope, which means acl_smtp_data , so

acl_smtp_data = acl_check_sender

This should go before the acls are defined (at least, it does in my configuration files), so the order would be:

acl_smtp_data = acl_check_sender
begin acl
acl_check_sender:
etc etc etc

Other things may exist in /etc/exim4.conf (or whatever it is called in your distribution) between each of those lines, in traditional form it's a huge monolithic beast of a config file (debian gives the option to break it down into multiple files in /etc/exim4/conf.d or similar, which makes it easier to manage, don't know if the distros based on debian, e.g. ubuntu and it's daughters such as mint, do).

Do you have a root shell you can ssh into? I never, ever try to administer servers with cpanel or any other kind of "admin" tool so have no idea about WHM etc. , because I don't trust automated systems to write configuation files.

Don't forget you must restart exim to force it to re-read its configuration file

/etc/init.d/exim restart (may be different on your distribution)


If you didn't already think I was a nerd, you should be in no doubt now

 

[srichards]

I can go in via ssh but the utility for rebuilding the exim.conf and checking it is ok seems to be missing.

Now I know where it should go and I have a chance of doing it

 

[srichards]

There is a product called 'Mailscanner' which will add the facility to white/blacklist server-wide, if necessary the provider will install it for you at a charge.
If you have too many domains to do it individually server-wide, this would be a good option and will provide additional benefits.

I looked at mail scanner but it doesn't work with the built in clamav module so I dismissed it. You have to uninstall clamav altogether. I use that module so it's no good unfortunately.

 

[srichards]

Drat. acl_smtp_data is already defined. It's defined as acl_smtp_data = acl_smtp_data... so I'm confused as whether I can put my check sender thing in there instead or not. Or I'd have to do both. Errrr!

Tried adding it in. WHM says it is ok. Save it then the stupid thing screws it up totally and completely re-arranges what's been written!

What's even more confusing is that sometimes it seems to be used to deny senders *from* the server and not senders to that server.

Managed to get it in without whm whinging but this is in the exim_mainlog instead:

temporarily rejected after DATA: unknown ACL verb "acl_deny_sender" in "acl_deny_sender = /etc/exim/sender_reject.list"

Which means I'm back to where I started two days ago when the vps support tried the same thing.

I swear cpanel/whm have colluded so that you CANNOT have a domain name blacklist without using mail scanner.

 

[gramps]

I looked at mail scanner but it doesn't work with the built in clamav module so I dismissed it. You have to uninstall clamav altogether. I use that module so it's no good unfortunately.

Mailscanner contains clamav so you would simply be replacing it.

 

[srichards]

They don't make that clear on the installation information!! It says remove it and then doesn't mention it is built in....

 

[gramps]

The software works with any Unix-based system and is compatible with a wide range of mail transports. It comes with support for any combination of 25 different virus scanner packages, including the free ClamAV scanner, and its design allows the use of multiple virus scanners in parallel to increase the level of security.

That doesn't actually make it clear that it's included - it was whilst I was using it up until a month ago when I gave up my server - use the 'Contact Us' link to ask any questions, they are very good and very supportive

 

[srichards]

Does it become a proper module that you can configure in whm/cpanel?

 

[gramps]

Yes, it appears in the left column of WHM as an add-on - the 'front end' is a simple way of white/blacklisting at various levels.
I used their full package for mail and server security and got it all installed on the server by them via this site: http://configserver.com/index.html - it is far, far better than the standard server arrangements as I have quickly confirmed since moving down to a Reseller account.

 

[srichards]

Cool. I may consider that then

 

[neil_g]

That's no good either. That filtering is again at a user level and not a server level. It has to be something that goes across all accounts without having to fanny around adding it individually.

I can't believe how crap cpanel/whm is. Plesk lets you have a server wide domains blacklist that takes wildcards. It takes seconds to add a domain.

who do you use? my cpanel has account (i.e. your entire cpanel setup) or user level filtering.

 

[gramps]

who do you use? my cpanel has account (i.e. your entire cpanel setup) or user level filtering.

I'm assuming he has numerous 'accounts' so would need to setup filtering for each 'account' on the server.

 

[neil_g]

i use account level for filtering across all of my mailboxes/domains?

 

[gramps]

i use account level for filtering across all of my mailboxes/domains?

Globally for all domains by one action or by individual action for each domain?

 

[srichards]

I use a vps from solarvps and have several accounts on it although they're basically all me... Plesk dealt with this scenario more easily.

The whm exim configuration editor is the only place to put server wide policies it seems.

I'm a she incidentally!

 

[neil_g]

Globally for all domains by one action or by individual action for each domain?

one action

 

[gramps]

one action

Well that would probably interest both of us ... where/how do you do that?

 

[gramps]

I'm a she incidentally!

 

[neil_g]

in my cpanel its just the option to the left of user level filtering?

 

[gramps]

View attachment 6188

But surely that only does all the email accounts under that single domain, e.g. 1234.org ... it wouldn't affect email under the domain 2345.org, even though on the same server?

 

[srichards]

If you're in the root whm/cpanel it isn't there. The Mail account filtering only appears at user level cpanel so has to be done for each user.

 

[gramps]

The Mail account filtering only appears at user level cpanel so has to be done for each user.

You don't see the above (or very similar) setting options for mail in mydomain.com/cpanel (i.e. user or account level filtering)?

 

[srichards]

You don't see the above (or very similar) setting options for mail in mydomain.com/cpanel (i.e. user or account level filtering)?

Not in the root panel no. In the user panel for the particular user those filter options are there but it's no good to me there as it needs to be something that would be replicated across all users at once.

In the main server email configuration there is a blacklist by ip option but no blacklist by domain. I need the latter.

I'm half wondering whether to create my own custom RBL server with just the domains I want to block in it. It's ridiculous that something that should be so easy involves endless jumping through hoops.

 

[gramps]

I would thoroughly recommend using Configserver for Mailscanner or a complete server package, it's brilliant.

 

[onomatopoeia]

temporarily rejected after DATA: unknown ACL verb "acl_deny_sender" in "acl_deny_sender = /etc/exim/sender_reject.list"

acl_deny_sender is not an exim action, so needs to be defined as a user acl. Iniitally you were defining a user acl of acl_check_sender ('check' rather than 'deny') in the first post on this topic. The name of user acl that is assigned to an exim action must be defined in the begin acl section of the configuration, so you need to ensure you use check in both places, or deny in both places. This could be the reason for the entry in the exim mainlog.

On further reading, if you define an acl_check_sender, it may be necessary to link to the exim acl_smtp_mail action rather than acl_smtp_data that I suggested earlier - this will filter on the MAIL FROM: part of the SMTP envelope rather than the headers of message data. I don't really want to get into an explanation of all of the differences between envelope, headers and message, I don't have enough time while doing a complete rebuild of my source for one thing! So

acl_smtp_mail = acl_check_sender

I find the exim configuration file a right pain in the bum if I'm honest, someone I know says it looks like it was designed by a computer science student at Cambridge and I can see where he's coming from.

 

[srichards]

Thanks. That makes sense.

Luckily I know about envelope, headers etc already

So near.. yet so far. I will not be defeated!!

I'm know looking at the acl_smtp_mail:
custom_begin_mail_pre
area as the one that needs modifying so it will run before it starts off anything else.

 

[srichards]

Done it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Used this: http://forum.ahosting.net/f15/how-manually-block-reject-emails-domain-exim-662.html

The one I didn't want to use which uses the routers section is what worked.

Not sure whether I should silently fail the messages instead of sending out 'domain is manually blacklisted' message though.

What an absolute arse ache it has been.

 

[onomatopoeia]

Glad you got it sorted out, have to admit that I've not played with routers or transports in exim, as I've not needed to (yet).

 

[srichards]

I didn't do much. Copy, paste and hope